[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] S/Key's
- To: [email protected]
- Subject: Re: [FW-1] S/Key's
- From: Lars Troen <[email protected]>
- Date: Tue, 25 Jun 2002 10:42:51 +0200
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcIcGp8ogtVPxg1ORQmKhOLBhDM0RgACI9wQ
- Thread-Topic: [FW-1] S/Key's
I've upgraded a system with skey user authentication (From 4.1sp5 to NGfp2) and the password otp counter had been reset so the users had to authenticate with their first passwords from the top of the list (making this not a one time password, but a two time password scheme <g>). Didn't experience the errors you're descibing here though.
Lars
> -----Original Message-----
> From: Markus Hofbauer [mailto:[email protected]]
> Sent: Tuesday, June 25, 2002 08:55
> To: [email protected]
> Subject: [FW-1] S/Key's
>
>
> Hi all,
>
> Yesterday I ran into the following situation:
>
> Upgrading a Stonebeat HA Cluster 3.1.4 with Checkpoint FW-1 4.1 Sp3
> to Stonebeat 3.1.6 FW-1 NG SP2 (also splitted up the standalone
> installation on the secondary node to a seperate management station).
> Hotfixes for SB and CKP are applied.
>
> The customer used S/Keys for some users to authenticate. After
> upgrading I generated a new list of keys for a user. I got the
> keys and installed the whole policy (including the user-database).
>
> First try:
> Gateway does not support skey
> Ok, this problem was easily solved.
>
> Second try:
> user is not recognized by skey system
>
> (both messages appear on the client site)
>
> Phoneboy-solution http://www.phoneboy.com/faq/0225.html doesn't
> help. I tried to create a new user with skey-authentication...
> no success.
>
> Found no hint in the CKP-Knowledgebase.
>
> After some troubleshooting I found out, that the file fwuserauth.keys
> in $FWDIR/database is empty. On the management station and on the
> primary node...
>
> Ok, so this is the reason why the "user is not recognized by the
> skey system"... but why?
>
> I've seen this also on a Cluster-XL installation (migrating from
> a standalone installation to C-XL; separate mgmt-station).
> ((The problem disappeared because all the users switched to the
> newly installed SecurID authentication.))
>
>
> Thanks for any hint,
> ho
>
> -------------------------------------------------------------------
> Markus Hofbauer IT-Service
> phone : +43 (1) 60 126-34 Internet & Security
> fax : +43 (1) 60 126-4 Bacher Systems EDV GmbH
> mail: [email protected] Wienerbergstr. 11B
> www : http://www.bacher.at/ A-1101 Wien, Austria, Europe
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================